|Numéro de publication||US7769697 B2|
|Type de publication||Octroi|
|Numéro de demande||US 11/530,736|
|Date de publication||3 août 2010|
|Date de dépôt||11 sept. 2006|
|Date de priorité||13 juil. 2000|
|État de paiement des frais||Payé|
|Autre référence de publication||US7177849, US20020007352, US20070005514|
|Numéro de publication||11530736, 530736, US 7769697 B2, US 7769697B2, US-B2-7769697, US7769697 B2, US7769697B2|
|Inventeurs||Jacques Fieschi, Jean-Francois Le Pennec, Patrick Michel, Pascal Roy|
|Cessionnaire d'origine||International Busniess Machines Corporation|
|Exporter la citation||BiBTeX, EndNote, RefMan|
|Citations de brevets (24), Citations hors brevets (9), Référencé par (18), Classifications (37), Événements juridiques (3)|
|Liens externes: USPTO, Cession USPTO, Espacenet|
The present application is a continuation of parent U.S. patent application Ser. No. 09/810,286, filed on Mar. 16, 2001, the disclosure of which is expressly incorporated by reference herein in its entirety. Further, the present application claims priority under 35 U.S.C. §119 of European Patent Application No. 00480058.7 filed on Jul. 13, 2000, the disclosure of which is hereby incorporated by reference herein in its entirety.
The present invention relates generally to the methods and systems for enhancing the security of the electronic transactions using a credit or debit card and relates in particular to a method for validating an electronic payment by a credit/debit card.
The electronic payment is more and more used to perform transactions, in particular through the Internet network. In such a case, a seller provides an electronic catalog for selling articles or even services through Internet. Any buyer connected by a terminal to Internet can consult the catalog and purchase the proposed articles by sending his order to the seller through Internet together with his credit/debit card number (herein after referred to as “card number”).
Generally, the payment is validated by using an electronic payment center which is also connected to the Internet network. Such a center is connected to the banking companies and authorized/certified by these banking companies. At the same time the buyer orders the articles to the seller, he transmits his PIN (Personal Identification Number) code to the electronic payment center together with the identification of the purchased articles, the date and the time of the purchase. Upon receiving the order, the seller sends the identification of the articles, the time and date and the card number to the electronic payment center which can then validate the payment after checking that the PIN code number corresponds to the card number.
But, in such an electronic payment, it is always the buyer who decides and validates the transaction. Now, considering the increase of electronic payment through the Internet network, and considering the need that such a system may be available to several people depending upon a single credit like to young people (children) or old people (grandparents) who are sometimes overtaken by the today techniques, it is a problem not having such a transaction being validated by the prime owner of the credit card, or in a general way by a third party.
Accordingly, the main object of the invention is to achieve a method for validating by a third party an electronic payment using a credit/debit card.
The invention relates therefore to a method for validating an electronic payment by a credit/debit card in a transaction system comprising a seller terminal for registering a sale of one or several articles by a buyer using a card associated with a plurality of PIN codes and an electronic payment center connected to the seller terminal by the Internet network, the method consisting for the electronic payment center to check that a buyer PIN code which is provided by the buyer to the center is associated with the number of the credit/debit card provided by the buyer to the seller terminal. Such a method is characterized in that it further comprises the step automatically carried out by the electronic payment center of checking with a third party whether the buyer PIN code is valid.
The above and other objects, features and advantages of the invention will be better understood by reading the following more particular description of the invention in conjunction with the accompanying drawings wherein
According to the invention, a buyer terminal 10, a seller terminal 12 and an electronic payment center 14 are all connected to the Internet network 16. When the buyer wants to order articles after having consulted an electronic catalog, he sends the order through the network to the seller terminal 12. For this, he sends with an encryption key 1 provided by the seller at the initialization of the transaction, the necessary information that is the credit/debit card number, the identification of the ordered articles and the time and date of the purchase. At the same time, the buyer sends through the Internet another message which is encrypted by an encryption key 2 to the electronic payment center 14, this message containing the identification of the purchased articles, and the time and date of the purchase. After receiving the purchase order, the seller terminal 12 sends with an encryption key 3 the information necessary to achieve the electronic payment, that is the identification of the articles and the time and date of the purchase, and also a PIN code number. Note that encryption key keys 2 and 3 have been previously provided by the electronic payment center to respectively the buyer 10 and the seller 12.
It must be noted that generally the buyer 10 is remote from the seller and the transaction between them is made through Internet. But it is possible that a buyer 11 be in the seller shop. In such a case, the necessary information is directly provided by the buyer and the information containing the PIN code is transmitted from the terminal seller 12 to the electronic payment center.
After receiving the PIN code number from the buyer 10, the electronic payment center 14 checks whether the PIN code number being received is a valid PIN code by checking in profile tables 18, the entries of which are the card numbers, and giving some other information for each PIN code such as the authorized amount. If so, the electronic payment center 14 launches a validation process by contacting a third party 20 through a phone network 22. It must be noted that such a phone network is preferably a wireless phone network wherein the third party 20 is the owner of a mobile phone because the third party can be always contacted (assuming the third party's mobile phone is always activated). Note also that the phone network could be replaced by any kind of transmission network, and in particular, the Internet network.
The steps of the method according to the invention, performed in the electronic payment center are now described in reference to the flow chart of
Coming back to
When the requested amount is below the authorized maximum, the computer of the electronic payment center checks whether it has received in a previous interval of time (for example one hour) a prevalidation from the third party including the delivery of the PIN code (step 42). It must be noted that this prevalidation can occur at any time and also canceled at any time by the third party calling the computer of the electronic payment center and through interactive dialog using a phone keyboard.
When such a prevalidation has been received, the computer of the electronic payment center validates the transaction (step 44) after having cleared (step 46) the prevalidation information (so, it is no more valid for a potential next transaction). When there is no prevalidation, the computer calls the third party (step 48) and through artificial voice, asks for the authorized PIN code to determine whether the PIN code provided by the buyer is a correct PIN code (step 50). If so, the transaction is validated (step 44). If the PIN code provided by the third party does not correspond to the PIN code provided by the buyer, an electronic error message is sent to the buyer terminal (step 52).
|Brevet cité||Date de dépôt||Date de publication||Déposant||Titre|
|US4837422||8 sept. 1987||6 juin 1989||Juergen Dethloff||Multi-user card system|
|US5285055||11 sept. 1991||8 févr. 1994||Kabushiki Kaisha Toshiba||IC card and read/write control method for controlling data readout/data write-in with respect to data storing means contained in IC card|
|US5708422||31 mai 1995||13 janv. 1998||At&T||Transaction authorization and alert system|
|US5914472 *||23 sept. 1997||22 juin 1999||At&T Corp||Credit card spending authorization control system|
|US5953710 *||9 oct. 1996||14 sept. 1999||Fleming; Stephen S.||Children's credit or debit card system|
|US5963926||4 mars 1997||5 oct. 1999||Hitachi, Ltd.||Computer implemented method, system and apparatus for processing various transactions using a plurality of transaction cards|
|US5999596 *||6 mars 1998||7 déc. 1999||Walker Asset Management Limited||Method and system for controlling authorization of credit card transactions|
|US5999624 *||24 déc. 1996||7 déc. 1999||Compaq Computer Corporation||Remote financial transaction system|
|US6014650 *||19 août 1997||11 janv. 2000||Zampese; David||Purchase management system and method|
|US6098053 *||26 janv. 1999||1 août 2000||Citibank, N.A.||System and method for performing an electronic financial transaction|
|US6205437||2 mars 1998||20 mars 2001||Open Market, Inc.||Open network payment system for providing for real-time authorization of payment and purchase transactions|
|US6213391 *||10 sept. 1997||10 avr. 2001||William H. Lewis||Portable system for personal identification based upon distinctive characteristics of the user|
|US6327578||29 déc. 1998||4 déc. 2001||International Business Machines Corporation||Four-party credit/debit payment protocol|
|US6748367||21 sept. 2000||8 juin 2004||Joonho John Lee||Method and system for effecting financial transactions over a public network without submission of sensitive information|
|US6853987||27 oct. 1999||8 févr. 2005||Zixit Corporation||Centralized authorization and fraud-prevention system for network-based transactions|
|US7136841 *||23 nov. 2004||14 nov. 2006||Zix Corporation||Centralized authorization and fraud-prevention system for network-based transactions|
|US20010039535||9 févr. 2001||8 nov. 2001||Tsiounis Yiannis S.||Methods and systems for making secure electronic payments|
|US20020077837||14 déc. 2000||20 juin 2002||Scott Krueger||Secure networked transaction system|
|US20030212642 *||11 mars 2003||13 nov. 2003||Visa International Service Association||Online payer authentication service|
|FR2720176A1||Titre non disponible|
|FR2769736A1||Titre non disponible|
|GB2289783A||Titre non disponible|
|KR20000036972A||Titre non disponible|
|WO1999045693A1||4 mars 1999||10 sept. 1999||Walker Asset Management Ltd||Method and system for controlling authorization of credit card transactions|
|1||Final Office Action dated Apr. 1, 2004 for U.S. Appl. No. 09/810,286.|
|2||Final Office Action dated Jan. 18, 2006 for U.S. Appl. No. 09/810,286.|
|3||Final Office Action dated May 9, 2005 for U.S. Appl. No. 09/810,286.|
|4||Meyer et al., "Some Cryptographic Principles of Authentication in Electronic Funds Transfer Systems", 1981, IEEE.|
|5||Non-Final Office Action dated Apr. 6, 2006 for U.S. Appl. No. 09/810,286.|
|6||Non-Final Office Action dated Oct. 10, 2003 for U.S. Appl. No. 09/810,286.|
|7||Non-Final Office Action dated Oct. 15, 2004 for U.S. Appl. No. 09/810,286.|
|8||Non-Final Office Action dated Sep. 12, 2005 for U.S. Appl. No. 09/810,286.|
|9||Notice of Allowance dated Jan. 9, 2007 for U.S. Appl. No. 09/810,286.|
|Brevet citant||Date de dépôt||Date de publication||Déposant||Titre|
|US8175889||5 avr. 2006||8 mai 2012||Experian Information Solutions, Inc.||Systems and methods for tracking changes of address based on service disconnect/connect data|
|US8195549||24 juin 2011||5 juin 2012||Consumerinfo.Com, Inc.||Systems and methods of on-line credit information monitoring and control|
|US8312033||26 juin 2009||13 nov. 2012||Experian Marketing Solutions, Inc.||Systems and methods for providing an integrated identifier|
|US8464939||18 juin 2013||Consumerinfo.Com, Inc.||Card registry systems and methods|
|US8478674||30 sept. 2011||2 juil. 2013||Consumerinfo.Com, Inc.||Application clusters|
|US8515844||15 mai 2012||20 août 2013||Consumerinfo.Com, Inc.||Systems and methods of on-line credit information monitoring and control|
|US8744956||24 août 2012||3 juin 2014||Experian Information Solutions, Inc.||Systems and methods for permission arbitrated transaction services|
|US8781953||9 févr. 2010||15 juil. 2014||Consumerinfo.Com, Inc.||Card management system and method|
|US8782217||9 nov. 2011||15 juil. 2014||Safetyweb, Inc.||Online identity management|
|US8818888||27 juin 2013||26 août 2014||Consumerinfo.Com, Inc.||Application clusters|
|US8856894||12 mars 2013||7 oct. 2014||Consumerinfo.Com, Inc.||Always on authentication|
|US8931058||1 juil. 2011||6 janv. 2015||Experian Information Solutions, Inc.||Systems and methods for permission arbitrated transaction services|
|US8954459||9 nov. 2012||10 févr. 2015||Experian Marketing Solutions, Inc.||Systems and methods for providing an integrated identifier|
|US8972400||11 mars 2013||3 mars 2015||Consumerinfo.Com, Inc.||Profile data management|
|US9106691||16 sept. 2011||11 août 2015||Consumerinfo.Com, Inc.||Systems and methods of identity protection and management|
|US9147042||22 nov. 2011||29 sept. 2015||Experian Information Solutions, Inc.||Systems and methods for data verification|
|US9230283||17 juin 2013||5 janv. 2016||Consumerinfo.Com, Inc.||Card registry systems and methods|
|US20080288405 *||20 mai 2008||20 nov. 2008||Michael Sasha John||Systems and Methods for Automatic and Transparent Client Authentication and Online Transaction Verification|
|Classification aux États-Unis||705/72, 705/64, 705/78, 713/156, 705/50|
|Classification internationale||G06Q20/00, G06Q99/00, G07F7/08, G07F7/10|
|Classification coopérative||G06Q20/347, G06Q20/4014, G06Q20/401, G06Q20/4012, G07F7/08, G07F7/1075, G06Q20/04, G06Q20/382, G06Q20/085, G06Q20/02, G06Q20/0855, G06Q20/4037, G06Q20/425, G07F7/10|
|Classification européenne||G06Q20/04, G06Q20/02, G06Q20/085, G06Q20/4012, G06Q20/382, G06Q20/0855, G06Q20/4014, G06Q20/425, G06Q20/347, G06Q20/401, G07F7/10P8, G06Q20/4037, G07F7/10, G07F7/08|
|20 déc. 2012||AS||Assignment|
Owner name: EBAY INC., CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:029514/0190
Effective date: 20120928
|8 janv. 2014||FPAY||Fee payment|
Year of fee payment: 4
|23 juil. 2015||AS||Assignment|
Owner name: PAYPAL, INC., CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:EBAY INC.;REEL/FRAME:036163/0469
Effective date: 20150717